The U.S. Federal Trade Commission has finalized an order requiring Marriott International Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC to implement a comprehensive information security program to settle charges following multiple hacks of the hotel group that led to the theft of details of 344 million customers globally.
In its complaint, the FTC cites three hacks targeting the hotel and resort group, with the most significant occurring in 2018, which at the time was reported to have involved 500 million customer records. Marriott and Starwood were hacked twice more in 2022: in March 2022, with the theft of 5.2 million records, and again in July of that year.
The FTC complaint charged that Marriott and Starwood deceived consumers by claiming to have reasonable and appropriate data security when they did not deploy reasonable security to protect consumers’ personal information. “These security failures resulted in a minimum of three separate data breaches that enabled malicious actors to acquire vast amounts of non-public information from tons of tens of millions of consumers, including passport information, payment card numbers, and loyalty numbers,” the complaint states.
Under the order, Marriott and Starwood are required to establish a comprehensive information security program to safeguard customer information, implement a policy to retain personal information only for as long as is reasonably necessary, and provide a link on their websites for U.S. customers to request that personal information related to their email address or loyalty rewards account be deleted.
The order also requires Marriott to restore stolen loyalty points upon request from a customer.
To ensure that they don’t misbehave again in the future, Marriott and Starwood are now prohibited from misrepresenting how they collect, maintain, use, delete, or disclose customers’ personal information.
The Commission voted 3-2 in favor of the order, with two commissioners recusing themselves from the vote.
Though neither Marriott nor Starwood has experienced another hack since 2020, the fact that they managed to hit a hat trick within the space of three years indicates gross corporate negligence. Regardless of the FTC order, it’s unlikely that the companies will allow the same to occur again if they can help it.